You have Javascript disabled. While you will generally be able to browse this site without Javascript, many functions and some links on this site will not work without it. We strongly recommend enabling Javascript in your browser. By continuing to use this site you consent to this site and our partners useing cookies for improving user experience, remembering prior visitors, providing special offers, and marketing to our visitors. See Privacy Policy for details and how to disable cookies.

Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

By using this site you consent to us using cookies for improving user experience, identifying returning visitors, providing special offers, and marketing to our visitors. See Privacy Policy for details and how to disable cookies.

SSH (Secure Shell)

This is the home page for the SSH (Secure Shell) protocol, software, and related information. SSH is a software package that enables secure system administration and file transfers over insecure networks. It is used in nearly every data center, in every larger enterprise.

This page is maintained by the inventor of SSH, Tatu Ylonen (twitter: @tjssh). He wrote ssh-1.x and ssh-2.x, and still works on related topics. The open source OpenSSH implementation is based on his free version.

The SSH protocol

The SSH protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against attacks in the network. For details of how the SSH protocol works, see the protocol page. To understand the SSH File Transfer Protocol, see the SFTP page.

Download client software

Here you can find links to download various free SSH implementations. We offer various free SSH implementations for download, and provide links to commercial implementations.

List of SSH implementations

We list various SSH implementations here. Feel free to submit additional implementations for this page. For many implementations we offer a review, installation instructions, guidance, and/or how-tos on this site.

Security of SSH and attacks against it

The SSH protocol is believed to be secure against cryptographic attacks on the network, provided keys and credentials are properly managed. However, we do not recommend usingdiffie-hellman-group1-sha1 key exchange. It uses a 768 bit Diffie-Hellman group, which may be breakable by governments today. Larger groups are probably ok. Recent OpenSSH versions have disabled this group by default. See sshd_config for configuring what key exchanges to use.

Automate with SSH keys, but manage them

SSH keys can be used to automate access to servers. They are commonly used in scripts, backup systems, configuration management tools, and by developers and sysadmins. They also provide single sign-on, allowing the user to move between his/her accounts without having to type a password every time. This works even across organizational boundaries, and is highly convenient.

However, unmanaged SSH keys can become a major risk in larger organizations.

The PrivX On-Demand Access Manager can be used as an alternative for SSH keys, eliminating the need for permanent keys and passwords on servers entirely.

History of the SSH protocol

The Secure Shell protocol was originally developed by Tatu Ylonen in 1995 in response to a hacking incident in the Finnish university network. A password sniffer had been installed on a server connected directly to the backbone, and when it was discovered, it had thousands of usernames and passwords in its database, including several from Ylonen's company.

That incident triggered Ylonen to study cryptography and develop a solution he could use himself for remote login over the Internet safely. His friends proposed additional features, and three months later, in July 1995, Ylonen published the first version as open source. It became OpenSSH. Later he took the protocol for standardization at the IETF and designed the SSH File Transfer Protocol (SFTP).

Ylonen still works on topics related to Secure Shell, particularly around key management, as well as broader cybersecurity topics.

Today, the protocol is used for managing more than half of world’s web servers and practically every Unix or Linux computer, on-premise and in the cloud. Information security specialists and system administrators use it to configure, manage, maintain, and operate most firewalls, routers, switches, and servers in the millions of mission-critical networks and environments of our digital world. It is also embedded inside many file transfer and systems management solutions.